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WHAT IS CLAIMED 



1 1. A data flow classification system comprising: 

2 a data flow managing mechanism configured to identify, track, and manage 

3 said data flow; 

4 a rule set including a plurality of rules for comparing information contained 

5 in said data flow with pre- specified values; 

_ 6 a configurable classification rule engine for classifying said data flow into 

7 one of a plurality of traffic classes based on results of said comparisons between said rules 

kj 8 and said pre-specified values; 

ya 9 a configuration file for configuring said classification rule engine and for 

a 10 specifying said pre-specified values and information regarding at least one of said data 

1 1 flow, said rule set, and said plurality of traffic classes, 

Jjf 12 wherein said configuration file comprises a format that allows for the 

~ 13 modification and reconfiguration of said classification rule engine, said data flow, said 

14 rule set, and said plurality of traffic classes. 

1 2. The system of Claim 1, wherein said data flow managing mechanism includes a 

2 flow table mechanism configured to perform at least one of capturing said information 

3 contained in said data flow, mapping a packet to a data flow, identifying said data flow 

4 based on said captured information, registering active data flows, and deleting inactive 

5 data flows. 

1 3. The system of Claim 2, wherein said plurality of rules comprise a data structure 

2 including, 
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3 event indicia for indicating the invocation of one of said rules, 

4 condition indicia for representing a comparison or condition between said 

5 one of said rules and said pre-specified values, and 

6 action indicia for indicating the execution of an action based on results of 

7 said comparison. 



1 4. The system of Claim 3, wherein said action indicia includes information for at 

2 least one of designating said data flow as one of said traffic classes and chaining to 
^ 3 another of said rules 

i2 1 5. The system of Claim 4, wherein said classification engine classifies said data 

ry 2 flow into one of said traffic classes in accordance with a dynamic classification scheme. 

ru 

a 1 6. The system of Claim 5, wherein said data flow managing mechanism identifies 

N» 2 said data flow as a particular type of traffic. 

i y 

Ft § 

O 1 7. The system of Claim 6, further comprising a traffic monitoring mechanism 

p 

2 configured to monitor attributes of said data flow and to provide update information to 

3 said data flow managing mechanism. 



1 8. The system of Claim 7, wherein said traffic monitoring mechanism comprises a 

2 plurality of traffic monitors, each of said traffic monitors being capable of monitoring and 

3 measuring at least one predetermined attribute of said data flow. 

1 9. The system of Claim 8, wherein said traffic monitors comprise a data structure 

2 including, 

3 identifier indicia for identifying a type of traffic monitor, and 
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4 value indicia for indicating a value measured by said traffic monitor. 

1 10. The system of Claim 9, wherein classification engine comprises a data 

2 structure including, 

3 traffic type indicia indicating the traffic type of said data flow, 

4 traffic class indicia representing the different classes of traffic 

5 corresponding to the traffic type, 

6 transition indicia indicating transitions from one of said traffic classes to 
n 7 another of said traffic classes, and 

Q 8 rule indicia containing traffic monitor information, corresponding rule 

Mb 

Sj 9 information, said predefined values, and transition class information, 

n I 

y3l0 wherein said classification engine compares said traffic monitor 

? / 1 1 information to said rule and said predefined values to classify said data flow into a traffic 

J! 12 class corresponding to said traffic type. 

i y 
* y 

22 1 11. The system of Claim 4, wherein said classification engine classifies said data 

2 flow into one of said traffic classes in accordance with a Layer-7 classification scheme. 

1 12. The system of Claim 11, wherein said classification engine selects a 

2 predetermined packet from said data flow containing application information. 

1 13. The system of Claim 12, wherein said classification engine comprises a data 

2 structure including, 

3 information location indicia indicating the location where said application 

4 information is contained within said predetermined packet, 
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5 character indicia defining the number of characters within said location 

6 indicia to be compared, and 

7 pattern indicia representing a pattern corresponding to a particular traffic 

8 class. 

1 14. The system of Claim 13, wherein said classification engine compares 

2 said pattern indicia to said character indicia to classify said data flow into said traffic class. 

1 1 5. A method of classifying a data flow, comprising: 

Jpf 2 identifying, tracking, and managing said data flow by a data flow managing 

i2 3 mechanism; 

fy 4 comparing information contained in said data flow with a plurality of rules 

- ST"- . 

ft 1 5 containing pre-specified values, said plurality of rules included in a rule set; and 

6 classifying, by a configurable classification rule engine, said data flow into 

7 one of a plurality of traffic classes based on results of said comparisons between said rules 

8 and said pre-specified values; 

9 wherein said classification rule engine is configured by a configuration file, 

10 said configuration file specifying said pre-specified values and information regarding at 

1 1 least one of said data flow, said rule set, and said plurality of traffic classes, and 

12 wherein said configuration file comprises a format that allows for the 

13 modification and reconfiguration of said classification rule engine, said data flow, said 

14 rule set, and said plurality of traffic classes. 

1 16. The method of Claim 15, wherein said data flow managing mechanism 

2 includes a flow table mechanism configured to perform at least one of capturing said 

3 information contained in said data flow, mapping a packet to a data flow, identifying said 
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4 data flow based on said captured information, registering active data flows, and deleting 

5 inactive data flows. 

1 17. The method of Claim 16, wherein said plurality of rules comprise a data 

2 structure including, 

3 event indicia for indicating the invocation of one of said rules, 

4 condition indicia for representing a comparison or condition between said 

5 one of said rules and said pre-specified values, and 

f*s 6 action indicia for indicating the execution of an action based on results of 

%j 7 said comparison. 

fU 1 18. The method of Claim 17, wherein said action indicia includes information for 

FU 2 at least one of designating said data flow as one of said traffic classes and chaining to 

M> 3 another of said rules. 

fU 

Lif 1 19. The method of Claim 18, wherein said classification engine classifies said data 

" 2 flow into one of said traffic classes in accordance with a dynamic classification scheme. 

1 20. The method of Claim 19, wherein said data flow managing mechanism 

2 identifies said data flow as a particular type of traffic. 

1 21. The method of Claim 20, further comprising a traffic monitoring mechanism 

2 configured to monitor attributes of said data flow and to provide update information to 

3 said data flow managing mechanism. 
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1 22. The method of Claim 21, wherein said traffic monitoring mechanism 

2 comprises a plurality of traffic monitors, each of said traffic monitors being capable of 

3 monitoring and measuring at least one predetermined attribute of said data flow. 

1 23. The method of Claim 22, wherein said traffic monitors comprise a data 

2 structure including, 

3 identifier indicia for identifying a type of traffic monitor, and 

4 value indicia for indicating a value measured by said traffic monitor. 

*S 1 24. The method of Claim 23, wherein classification engine comprises a data 

l2 2 structure including, 

t = 

fU 3 traffic type indicia indicating the traffic type of said data flow, 

ry 4 traffic class indicia representing the different classes of traffic 

H 5 corresponding to the traffic type, 

Ft z 

6 transition indicia indicating transitions from one of said traffic classes to 

7 another of said traffic classes, and 

8 rule indicia containing traffic monitor information, corresponding rule 

9 information, said predefined values, and transition class information, 

10 wherein said classification engine compares said traffic monitor 

1 1 information to said rule and said predefined values to classify said data flow into a traffic 

12 class corresponding to said traffic type. 

1 25. The method of Claim 18, wherein said classification engine classifies said data 

2 flow into one of said traffic classes in accordance with a Layer-7 classification scheme. 
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1 26. The method of Claim 25, wherein said classification engine selects a 

2 predetermined packet from said data flow containing application information. 

1 27. The method of Claim 26, wherein said classification engine comprises a data 

2 structure including, 

3 information location indicia indicating the location where said application 

4 information is contained within said predetermined packet, 

5 character indicia defining the number of characters within said location 
las 6 indicia to be compared, and 

Cj 7 pattern indicia representing a pattern corresponding to a particular traffic 

%j 8 class. 

f* = 

fU 1 28. The method of Claim 27, wherein said classification engine compares said 

3 

p 2 pattern indicia to said character indicia to classify said data flow into said traffic class. 

nj 

jW- 1 29. A machine-readable medium encoded with a plurality of processor-executable 

u 2 instruction sequences for classifying a data flow, said instruction sequences comprising: 

3 identifying, tracking, and managing said data flow by a data flow managing 

4 mechanism; 

5 comparing information contained in said data flow with a plurality of rules 

6 containing pre-specified values, said plurality of rules included in a rule set; and 

7 classifying, by a configurable classification rule engine, said data flow into 

8 one of a plurality of traffic classes based on results of said comparisons between said rules 

9 and said pre-specified values; 
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10 wherein said classification rule engine is configured by a configuration file, 

1 1 said configuration file specifying said pre-specified values and information regarding at 

12 least one of said data flow, said rule set, and said plurality of traffic classes, and 

13 wherein said configuration file comprises a format that allows for the 

14 modification and reconfiguration of said classification rule engine, said data flow, said 

15 rule set, and said plurality of traffic classes. 

1 30. The machine-readable medium of Claim 29, wherein said data flow managing 

^ 2 mechanism includes a flow table mechanism configured to perform at least one of 

3 capturing said information contained in said data flow, mapping a packet to a data flow, 
Sj 4 identifying said data flow based on said captured information, registering active data 
Jp 5 flows, and deleting inactive data flows. 

: Li 

s 

H= 1 31. The machine-readable medium of Claim 30, wherein said plurality of rules 

LH 2 comprise a data structure including, 

i y 

b; 3 event indicia for indicating the invocation of one of said rules, 

4 condition indicia for representing a comparison or condition between said 

5 one of said rules and said pre-specified values, and 

6 action indicia for indicating the execution of an action based on results of 

7 said comparison. 

1 32. The machine-readable medium of Claim 31, wherein said action indicia 

2 includes information for at least one of designating said data flow as one of said traffic 

3 classes and chaining to another of said rules. 
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33. The machine-readable medium of Claim 32, wherein said classification engine 
classifies said data flow into one of said traffic classes in accordance with a dynamic 
classification scheme. 

34. The machine-readable medium of Claim 33, wherein said data flow managing 
mechanism identifies said data flow as a particular type of traffic. 

35. The machine-readable medium of Claim 34, further comprising a traffic 
monitoring mechanism configured to monitor attributes of said data flow and to provide 
update information to said data flow managing mechanism. 

36. The machine-readable medium of Claim 35, wherein said traffic monitoring 
mechanism comprises a plurality of traffic monitors, each of said traffic monitors being 
capable of monitoring and measuring at least one predetermined attribute of said data 
flow. 

37. The machine-readable medium of Claim 36, wherein said traffic monitors 
comprise a data structure including, 

identifier indicia for identifying a type of traffic monitor, and 
value indicia for indicating a value measured by said traffic monitor. 

38. The machine-readable medium of Claim 37, wherein classification engine 
comprises a data structure including, 

traffic type indicia indicating the traffic type of said data flow, 
traffic class indicia representing the different classes of traffic 
corresponding to the traffic type, 
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6 transition indicia indicating transitions from one of said traffic classes to 

7 another of said traffic classes, and 

8 rule indicia containing traffic monitor information, corresponding rule 

9 information, said predefined values, and transition class information, 

10 wherein said classification engine compares said traffic monitor 

1 1 information to said rule and said predefined values to classify said data flow into a traffic 

12 class corresponding to said traffic type. 

^ 1 39. The machine-readable medium of Claim 32, wherein said classification engine 

Ci 2 classifies said data flow into one of said traffic classes in accordance with a Layer-7 

Sj 3 classification scheme. 

fU 

fU 1 40. The machine-readable medium of Claim 39, wherein said classification engine 

2 selects a predetermined packet from said data flow containing application information. 

jjf 1 41. The machine-readable medium of Claim 40, wherein said classification engine 

^ 2 comprises a data structure including, 

3 information location indicia indicating the location where said application 

4 information is contained within said predetermined packet, 

5 character indicia defining the number of characters within said location 

6 indicia to be compared, and 

7 pattern indicia representing a pattern corresponding to a particular traffic 

8 class. 
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42. The machine-readable medium of Claim 41 , wherein said classification engine 
compares said pattern indicia to said character indicia to classify said data flow into said 
traffic class. 
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